man
Frequent Visitor
Topic Author
Posts: 51
Joined: Tue Jul 25, 2017 2:58 pm

disable "Drop all not coming from LAN" rule

Thu Apr 05, 2018 12:02 pm

Is there a way to disable this default "Drop all not coming from LAN" rule somehow using a script, maybe an autorun script (if it is possible), after a hardware reset?
It is very important, as I will need to upload my config script to 20-30 devices at a time, and I may do it using the API (Java API), but for that I will need to connect directly to each router device via Wi-Fi or Ethernet and disable this rule manually. It is not very convenient, but I may do that. And if we are talking about users with general knowledge, it is not an option...
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: disable "Drop all not coming from LAN" rule

Thu Apr 05, 2018 12:15 pm

Do not disable that rule!
Insert an "accept" rule above it with src-address equal to your IP address on internet.
That way you have access, but the rest of the world cannot easily walk in.
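
The rule described in the reply above, as an added RouterOS script example that is not part of the original posts. Assumptions: the default drop rule still carries a comment containing "drop all not coming from LAN", 198.51.100.7 is a constructed placeholder for the administrator's public address, the rule comment "mgmt: allow admin IP" is a hypothetical label, and management is done over the API-SSL service on its default port 8729.

```routeros
# Added example, not from the thread. All values below are constructed placeholders.
# adminIp: documentation-range address standing in for the admin's public IP.
:local adminIp 198.51.100.7
:local tag "mgmt: allow admin IP"

# Locate the default input-chain drop rule by its comment text.
:local dropRule [/ip firewall filter find where chain=input action=drop comment~"drop all not coming from LAN"]

# Fail closed: if the drop rule is missing, the firewall is not in the
# expected state, so do not add an accept rule blindly.
:if ([:len $dropRule] = 0) do={
    :error "default drop rule not found, firewall left unchanged"
}

# Idempotent: add the accept rule only once, directly above the drop rule.
# It is narrowed to one source address and one management port (API-SSL,
# an assumption) instead of accepting everything from that address.
:if ([:len [/ip firewall filter find where comment=$tag]] = 0) do={
    /ip firewall filter add chain=input action=accept protocol=tcp \
        dst-port=8729 src-address=$adminIp comment=$tag \
        place-before=($dropRule->0)
}

# Show the resulting order so the accept rule can be confirmed above the drop.
/ip firewall filter print where chain=input
```

The drop rule stays enabled, so a device that loses this script after a reset falls back to LAN-only management rather than to an open input chain.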
 
man
Frequent Visitor
Topic Author
Posts: 51
Joined: Tue Jul 25, 2017 2:58 pm

Re: disable "Drop all not coming from LAN" rule

Thu Apr 05, 2018 12:24 pm

Thank you for such a fast answer and tip!
Anyway, I will need to connect to each board to add a new rule.
Maybe you or someone may give a tip on how to do it like it is done with autorun on Windows (just connect some USB with autorun in the root of storage and it is picked up...)
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: disable "Drop all not coming from LAN" rule

Thu Apr 05, 2018 2:16 pm

You will have to think about your rollout plan!
There are several ways to set standard config, e.g. by specifying a config file during netinstall.
There is no "simple trick to override the firewall from remote", for obvious reasons.
 
man
Frequent Visitor
Topic Author
Posts: 51
Joined: Tue Jul 25, 2017 2:58 pm

Re: disable "Drop all not coming from LAN" rule

Thu Apr 05, 2018 2:54 pm

Thanks. As an option for uploading my config script and adding a startup schedule, I have connected all routers to the same switch in the same subnetwork.
But it is really good only for the first installation, and not for reconfiguration after a hard reset...
Going to check what netinstall is and how it may help me.
 
ADahi
Member Candidate
Posts: 209
Joined: Thu Sep 21, 2017 7:16 pm
Location: Iraq, Ninavah

Re: disable "Drop all not coming from LAN" rule

Thu Apr 05, 2018 6:54 pm

 
Mangofi
just joined
Posts: 10
Joined: Sat Aug 19, 2017 11:09 pm

Re: disable "Drop all not coming from LAN" rule

Tue Aug 28, 2018 12:31 pm

Do not disable that rule!
Insert an "accept" rule above it with src-address equal to your IP address on internet.
That way you have access, but the rest of the world cannot easily walk in.
Do you mean with public IP?
If so, what to do with a dynamic public IP?
